hints for using ssh

Series: [security blog]

After typing ssh -fNT -L 6443:10.0.6.2:6443 bastion & once again, it is probably time for some SSH hints. Yes, everything is documented in the ssh man page. But sometimes I am lazy, too. (And for now I blissfully ignore that there are multiple ssh implementations and focus just on the part about using ssh.)

ProxyJump is probably my most used ssh config option (just after User and having a nice alias).

If the same parameter is set multiple times, only the first obtained value will be used.

Indentation of your .ssh/config matters 😉
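To make the three config points above concrete, here is an added example (my own, not OpenSSH code and not from the original post): a small resolver that applies the "first obtained value wins" rule to a client config and reports which value a given alias ends up with. The sample config it writes is constructed for the demo; the real way to check this is ssh -G <alias>, which prints the effective configuration. The resolver assumes only Host blocks (no Match), patterns using * and ? (no ! negation), unquoted values, and one option per line; like ssh, it decides block membership by the preceding Host line and not by indentation, and it matches patterns against the alias you type, not against HostName.

```sh
#!/bin/sh
# Added example, not OpenSSH code: resolve one option for one alias from a
# client config by applying "first obtained value wins".

resolve_ssh_option() {
    # $1 = config file, $2 = alias as typed on the command line, $3 = option name
    awk -v host="$2" -v want="$3" '
    # Translate an ssh_config glob into a regex and test it against the alias.
    function glob_match(pat, s,    re) {
        re = pat
        gsub(/\./, "[.]", re)   # a dot in the pattern is a literal dot
        gsub(/\*/, ".*", re)    # * matches any run of characters
        gsub(/\?/, ".", re)     # ? matches exactly one character
        return s ~ ("^" re "$")
    }
    BEGIN { want = tolower(want); active = 1 }  # options before the first Host apply everywhere
    /^[ \t]*#/ { next }                          # comment line
    NF == 0    { next }                          # blank line
    {
        # Accept "Key=Value" as well as "Key Value" by turning the first = into a space.
        if (match($0, /^[ \t]*[^ \t=]+=/))
            $0 = substr($0, 1, RLENGTH - 1) " " substr($0, RLENGTH + 1)
        key = tolower($1)
        if (key == "host") {
            # A Host line opens a block; every following option belongs to it,
            # however the lines are indented, until the next Host line.
            active = 0
            for (i = 2; i <= NF; i++) if (glob_match($i, host)) active = 1
            next
        }
        if (!active || key != want) next
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)     # drop the key, keep the value
        print val
        exit                                     # first obtained value wins
    }' "$1"
}

# Constructed sample config for the demo (hosts and names are made up).
write_sample_config() {
    cat > "$1" <<'EOF'
Host k8s-bastion
    HostName bastion.example.net
    User admin
# the next line is not indented, but it still belongs to the k8s-bastion block
ProxyJump jump.example.net
    LocalForward 6443 10.0.6.2:6443

# matched against the alias, so "k8s-bastion" does NOT hit this block
Host *.example.net
    User ops

# catch-all goes last: if it came first, its User would win for every host
Host *
    User fallback
    IdentityFile ~/.ssh/id_ed25519
EOF
}

# Usage: show what the alias k8s-bastion resolves to.
cfg=$(mktemp)
write_sample_config "$cfg"
for opt in HostName User ProxyJump LocalForward IdentityFile; do
    printf '%-13s %s\n' "$opt" "$(resolve_ssh_option "$cfg" k8s-bastion "$opt")"
done
rm -f "$cfg"
```

Swap the Host * block to the top of the sample and User resolves to fallback for every alias, which is exactly the "first obtained value" rule biting; ssh -G k8s-bastion on a real config shows the same effect.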

If you need debug output, just add a (-)v for each debug level you want: ssh […] -v for debug1:, ssh […] -vv for debug2:, and so on.

For managing keys, moviuro has a nice write-up on ssh(1) key management examples.

There are quite a few good talks about ssh on the media.ccc.de server, if you prefer videos.

And what does this ugly ssh command do? ExplainShell does a better job than I would at explaining the technical details of ssh -fNT -L 6443:10.0.6.2:6443 bastion &.

But the intention is: use bastion (as configured in your ~/.ssh/config) as a jump host to tunnel the traffic. Which traffic? The traffic to 10.0.6.2:6443, which you forward from localhost:6443. So you can interact with the k8s control plane on 10.0.6.2 as if it were local on your computer.

Another example: I have a webserver in my ~/.ssh/config, but because of the firewall setup I can only connect to it via ssh. Then ssh -NT -L localhost:8080:localhost:80 webserver makes the webserver (deployed as usual on port 80) accessible on http://localhost:8080. (And since this stays in the foreground, you can interrupt it anytime via Ctrl+C.)
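The -L argument in both commands above has the shape [bind_address:]port:host:hostport, and the optional first piece is what decides who can use the tunnel. As an added example (mine, not from the post or from OpenSSH), this small parser takes a -L/LocalForward spec apart and labels the listener as local-only or network-exposed. It assumes the listen port is numeric, IPv6 addresses are written in [brackets] as ssh expects, and GatewayPorts is at its default of no, so an omitted bind address means loopback.

```sh
#!/bin/sh
# Added example, not OpenSSH code: split a -L spec into its pieces and
# report where the listening socket ends up.

parse_local_forward() {
    # $1 = spec as given to -L; prints: bind port host hostport scope
    printf '%s\n' "$1" | awk '
    {
        spec = $0; bind = "-"
        # Optional bind address in front: "[v6addr]:" or "name-or-v4:".
        # The leading piece is a port (no bind address) only when it is purely numeric.
        if (substr(spec, 1, 1) == "[") {
            k = index(spec, "]:")
            bind = substr(spec, 2, k - 2); spec = substr(spec, k + 2)
        } else if (spec !~ /^[0-9]+:/) {
            i = index(spec, ":")
            bind = substr(spec, 1, i - 1); spec = substr(spec, i + 1)
        }
        i = index(spec, ":")
        port = substr(spec, 1, i - 1); rest = substr(spec, i + 1)
        # The remote port is everything after the LAST colon, so a bracketed
        # IPv6 target such as [2001:db8::2] survives intact.
        j = length(rest); while (j > 0 && substr(rest, j, 1) != ":") j--
        hostport = substr(rest, j + 1); host = substr(rest, 1, j - 1)
        sub(/^\[/, "", host); sub(/\]$/, "", host)
        # Omitted bind address => loopback under the default GatewayPorts=no.
        if (bind == "-" || bind == "localhost" || bind == "::1" || bind ~ /^127\./)
            scope = "local-only"
        else
            scope = "network-exposed"   # * / 0.0.0.0 / :: / a LAN address: other hosts can reach it
        print bind, port, host, hostport, scope
    }'
}

# Usage: the two specs from the post plus two constructed variants.
for spec in 6443:10.0.6.2:6443 localhost:8080:localhost:80 \
            0.0.0.0:8080:localhost:80 '[::1]:8443:[2001:db8::2]:443'; do
    printf '%-30s -> %s\n' "$spec" "$(parse_local_forward "$spec")"
done
```

Both commands in the post keep the listener on loopback, which is the setting you want unless you deliberately intend to share the tunnel: a bind address of * or 0.0.0.0 turns your laptop into an unauthenticated relay to the far end for everyone on the same network.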